DETAILED ACTION

1. Currently pending claims are 1, 6 - 9 and 11.

Response to Arguments 

2. Applicant's remarks with respect to the double patenting rejection have been fully 
considered in view of the Terminal Disclaimer filed 3/11/2008. The Terminal Disclaimer has
been made in record and the double patenting rejection has been withdrawn. 

3. Applicant's arguments with respect to the subject matter of the instant claims have 
been fully considered but are not persuasive. 

4. As per claim 1, 9 and 11, Applicant asserts Caronni fails to describe applying a group
security association associated with the private network to the tunneled packet to provide a 
secure tunneled packet because Applicant submits that (a) the Examiner's assertion that 
mappings between internal and external addresses is analogous to a GSA is fundamentally 
flawed because such a mapping is neither (a) encompassed by the description in the 
specification, nor (b) capable of providing any practical measure of security for 
communications and (c) Caronni describes providing security elsewhere, but only point-to-point
security techniques which suffer the scalability problem discussed above (Remarks:
Page 6 / Last sentence). Examiner respectfully disagrees with the following rationale: 

• Regarding (a) - (b) Caronni teaches a tunnel packet is referred to encapsulating 
one packet inside another when packets are transferred between two entities to ensure 
that the communication between itself and enterprise network is secure in that it cannot be 
viewed by an interloper providing security protection such as authentication header and 
key information for packet encryption / decryption (Caronni: Column 2 Line 27 - 33,
Column 4 Line 38 - 52 and Column 12 Line 50 - 52 & Figure 6 / 2B). 
• Regarding (c) Caronni teaches establishing a "Supernet," which is a private network 
that uses components from a public-network infrastructure so a user may plug their device 
into the Internet from virtually any portal in the world and still be able to use the resources 
of their private network in a secure and robust manner (Caronni: Column 4 Line 38 - 51)
where any type of delivery scheme may be assigned to any address or group of 
addresses and the virtual network also maintains secure communications between nodes, 
while providing the flexibility of assigning delivery methods independent of the delivery 
address (Caronni: Column 3 Line 22 - 26 / Column 4 Line 58 - 60 and Column 7 Line 5 - 
33). 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness
rejections set forth in this Office action: 

A person shall be entitled to a patent unless - 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art
are such that the subject matter as a whole would have been obvious at the time the invention was made to 
a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be 
negatived by the manner in which the invention was made. 

5. Claims 1, 6-9 and 11 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Liu (U.S. Patent 2002/0154635), which incorporates the reference of Caronni et al. (U.S. Patent
6,970,941) as shown in (Liu: Para [0002]), in view of Shimbo et al. (U.S. Patent 6,185,680).

As per claim 1 and 9, Liu teaches a method of securing packet data transferred between
a first and second member of a private network coupled to client edge devices over a backbone 
comprising a plurality of provider devices including provider edge devices (Liu: Figure 3 / 
Element 324; a router device to interconnect between a VPN private network and a public
network is qualified as one type of edge devices), the backbone operating according to a routing 
protocol (Caronni : Column 2 Line 14-35 and Column 4 Line 38 - 52: "tunneling" refers to 
encapsulating one packet inside another when packets are transferred between two end points 
to ensure that the communication between itself and enterprise network is secure in that it 
cannot be viewed by an interloper), the method comprising the steps of: 

encapsulating a private address of a packet from the first member with a group header 
including a public address associated with the first member and a group address to generate a 
tunneled packet (Caronni : Figure 2B & 6 / Element 640, Column 2 Line 30, Column 7 Line 10 - 
20, Column 4 Line 40 - 60 and Column 6 Line 6-8: Caronni teaches a Supernet is indeed a 
private network that has its own internal addressing scheme (Caronni: Column 6 Line 8-10) 
and a Supernet ID is included in the packet transformation qualified as a Group ID / address 
and the real IP address is the public address); 

transforming, at a client edge device ([illegible]
interconnect between a VPN private network and a public network is qualified as one type of
edge devices), the tunneled packet by first applying a group security association associated with
the private network to the tunneled packet to provide a secure tunneled packet and then adding 
a header field the secure tunneled packet (Caronni: Column 2 Line 27 - 33, Column 4 Line 38 - 
52 and Column 12 Line 50 - 52 & Figure 6 / 2B and Column 3 Line 22 - 26 / Column 4 Line 58 
- 60 and Column 7 Line 5 - 33: (a) Caronni teaches a tunnel packet is referred to encapsulating 
one packet inside another when packets are transferred between two entities to ensure that the 
communication between itself and enterprise network is secure in that it cannot be viewed by an
interloper providing security protection such as authentication header and key information for 
packet encryption / decryption and (b) Caronni teaches establishing a "Supernet," which is a 
private network that uses components from a public-network infrastructure so a user may plug 
their device into the Internet from virtually any portal in the world and still be able to use the 
resources of their private network in a secure and robust manner (Caronni: Column 4 Line 38 -
51) where any type of delivery scheme may be assigned to any address or group of addresses
and the virtual network also maintains secure communications between nodes, while providing 
the flexibility of assigning delivery methods independent of the delivery address), the added 
header field including a gateway address (See Shimbo below) associated with the first member
of the private network and a destination address of the second member of the private network to 
provide a client transformed packet (Caronni : Column 7 Line 5 - 33, Column 3 Line 17-21 
and Column 11 Line 37 - 43: (a) the mappings of the internal / private address, known as node
ID, which is considered as a part of the group security association and the Supernet contains a 
modification to the IP packet format that can be used to separate network behavior from 
addressing and besides, the security association (SA) is related to Authentication Header (AH) 
and (b) the Supernet contains a modification to the IP packet format that can be used to 
separate network behavior from addressing or the destination address becomes the real public-network
destination address w.r.t the routing protocol of the backbone).

However, Caronni does not disclose explicitly the added header field including a 
gateway address.

Shimbo teaches the added header field including a gateway address (Shimbo: Column 
26 Line 28 - 36 & Caronni : Column 7 Line 7 - 13 and Column 9 Line 1 - 5 & Figure 6 and 
Column 12 Line 11-19, Column 6 Line 8-10 Figure 2B : (a) Shimbo teaches appending a 
gateway source address with the source address of the packet to the second portion (Shimbo:
Column 26 Line 28 - 36 & Caronni : Figure 2B & Column 12 Line 11-19) and (b) Caronni 
teaches a Supernet is indeed a private network that has its own internal addressing scheme 
(Caronni: Column 6 Line 8-10) and a Supernet ID is included in the packet transformation 
qualified as a Group ID (Caronni: Column 7 Line 7-13 and Column 9 Line 1 - 5 & Figure 6). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Shimbo within the system of Liu because (a) 
Liu teaches a mechanism to extend private networks onto a public infrastructure (Liu: Para 
[0015] and [0018]) / Caronni teaches modifying a IP packet format so that any type of delivery 
scheme may be assigned to any address or group of addresses (Caronni: Column 3 Line 19 - 
25) and (b) Shimbo teaches providing an efficient, flexible and secured method to protect the 
data communication in any type of networks such as hierarchical organized or mobile computing 
environment by using a security gateway (Shimbo: Column 3 Line 39 - 50). 

Liu / Caronni in view of Shimbo teaches: 

forwarding the client transformed packet to a provider edge device (Liu: Figure 3: the 
router where a packet exits the shared IP public network is considered as the provider edge 
device); and 

replacing, at the provider edge device, a destination field of the packet with a group 
identifier associated with the private network for routing the packet across the backbone 
(Shimbo: Column 26 Line 28 - 36 & Caronni : Figure 2B & Column 12 Line 11-19, Column 6 
Line 8-10 and Column 7 Line 7-13 and Column 9 Line 1 - 5 & Figure 6 (a) Shimbo teaches 
appending a gateway source address with the source address of the packet to the second 
portion (Shimbo: Column 26 Line 28 - 36 & Caronni : Figure 2B & Column 12 Line 11-19) and 
(b) Caronni teaches a Supernet is indeed a private network that has its own internal addressing 
scheme (Caronni: Column 6 Line 8-10) and a Supernet ID is included in the packet
transformation qualified as a Group ID (Caronni: Column 7 Line 7-13 and Column 9 Line 1 - 5 
& Figure 6). 

As per claim 11 [illegible]
the paragraph above regarding to claim 1 with the except [illegible] a key table, the key
table including a security association for each private network that the node is a member.
However, Caronni teaches a key table, the key table including a security association for each
private network that the node is a member (Caronni : Column 7 Line 5 - 33 : VARPDB stores 
the mappings of the internal / private address, known as node ID, which is considered as a part 
of key table). 

As per claim 6, Caronni as modified teaches the group security association is 
associated with each member of the private network (Caronni : Column 7 Line 5 - 33, Column 3 
Line 17-21 and Column 11 Line 37 - 43: VARPDB stores the mappings of the internal / private
address, known as node ID, which is considered as part of a group security association). 

As per claim 7, Caronni as modified teaches member of the private network registering 
with a global security server; the global security server forwarding the group security 
association to each member of the private network (Caronni : Column 7 Line 64 - 67: KMS = 
Key Management Server : generating a new key and forwarding to each member of the private 
network). 



Application/Control Number: 10/661,903 Page 8

Art Unit: 2131 

As per claim 8, Caronni as modified teaches the global security server periodically 
forwarding a new group security association to each member of the private network (Caronni : 
Column 12 Line 3: updated every ten seconds). 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as 
set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing date 
of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to LONGBIT CHAI whose telephone number is (571)272-3788. The 
examiner can normally be reached on Monday-Friday 9:00am-5:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on 571-272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you 
would like assistance from a USPTO Customer Service Representative or access to the 
automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/Longbit Chai/ 
Longbit Chai Ph.D. 
Primary Examiner, Art Unit 2131 
4/24/2008 



